Server's Missing KBs Tab Not Accurate

How do I fix Defender showing that servers are missing KB patches when I know they've been installed and the server restarted after? I so need some help and guidance from this community. Here's the back story.

Every month, our security office generates tickets for servers that are missing Server OS patches using Defender reporting. I appreciate them doing that.

My goal is that we never get one of those tickets. For almost a year, in almost every case, where we received the ticket, we've been able to show that KB was installed weeks prior and that the server was rebooted after. I currently have one server showing that it's missing a KB, but it was installed and reported in December. I can see in InsightVM, our vulnerability scanner, that the KB was installed.

Defender ATP shows the server agent to be healthy (all green lights) and is reporting in.

We can query the server with PowerShell to see that the hotfix is installed and that we've restarted after. I can also tell from our vulnerability scanner that the patches are installed as those vulnerabilities don't appear and the missing KB as reported by Defender is not one of the recommendations.

Thanks in advance!